Reputational Risk: A Bigger Piece of Investor Legal Actions

By Dr. Nir Kossovsky
April 30, 2019

What recent actions against SeaWorld, Wells Fargo, and others, portend for corporate and director exposure

Last year, the Securities and Exchange Commission (SEC) extracted a $5 million settlement from SeaWorld and its CEO because the company “described its reputation as one of its ‘most important assets,’ but it failed to disclose the adverse impact [of a recent documentary].” Meanwhile, shareholders in a derivative suit expect to extract $320 million from Wells Fargo’s board and executives for breaching their fiduciary duties and failing, at multiple levels, in “overseeing reputation risk” and “the company’s reputation risk management framework.”

They’re not alone.

Reputation has increasingly become a focal point of investors’ legal action. Steel City Re’s research shows six derivative lawsuits filed in U.S. federal courts over the past nine months alleging board culpability for causing reputational harm – more than were filed in the entire seven years prior to that. 

These are bright signs that reputation risk, historically tried in the court of public opinion, is now both a corporate and personal matter in the court of law. Directors and officers would be wise to head off this new material corporate and personal exposure with an appropriate protection strategy.

The SEC’s beef with Seaworld and its leadership, which cost its CEO $1 million in penalties and disgorgement, centered on the fact that SeaWorld did not meet regulatory expectation for disclosing material change to its reputation. SeaWorld, along with countless numbers of other public companies and 90% percent of the S&P 500, create this expectation annually by referring to reputation in their SEC filings as a material asset, and its loss as a material risk.

In addition to a duty to report material changes, such disclosures also create the implicit expectation that reputation risk will be managed or mitigated. The 3rd Circuit Court of Appeals affirmed that board oversight of such risks is part of a board’s ordinary business. The settlement on behalf of Wells Fargo for oversight failure is expected to include disgorgement of $80 million from board members and executives in addition to what investors are calling "the largest shareholder derivative recovery in history."

As an aside, this experience will likely be a lasting mark against Wells Fargo’s directors with D&O insurers in the future.  It is not surprising that less than three years out from the bursting of the string of scandals at the banking behemoth, only four of the original 15 board members remain and that the nine who stepped down are also no longer serving on 11 other public company boards. The average annual compensation lost to these former board members: $600,000.

Regulatory and investment community forces potentially costly to corporate board members are converging. In addition to SEC’s interests, the U.S. Justice Department has implemented a new prosecutorial policy it described by saying: “Corporate cases often penalize innocent employees and shareholders without effectively punishing the human beings responsible for making corrupt decisions.” This new policy essentially incentivizes companies to sweep individual directors—including those potentially exculpable—into the pool of suspected or alleged offenders. This is a policy promulgated under a relatively business-friendly administration.

A less friendly administration might be more accepting of a proposal from U.S. Senator and Presidential candidate Elizabeth Warren, who is promoting legislation that would require CEOs to certify that they conducted a due diligence inquiry and affirm that no illegal conduct was occurring at their company on their watch. They could be criminally prosecuted for failing to meet that standard. Senator Warren specifically calls out Wells Fargo as an example in her recent op-ed article on the subject.

Despite all this, many companies continue to treat reputation as a marketing issue or something that can be mitigated through Corporate Social Responsibility campaigns. But marketing by its nature is aspirational – it sets expectations optimistically, with an eye toward positive coverage in the media. At the same time, marketing departments have no ability to move corporate operations that are outside of their own silo into alignment with the optimistic brand identity they create. Ironically, these efforts at bolstering corporate image pose significant risk – setting stakeholder expectations at a level that is out of alignment with reality, thereby creating reputation risk.

Some companies and their boards are beginning to realize the danger this expectations gap poses to their reputations and are moving reputation risk under risk management departments, which is where it should be.  As they do in addressing every other type of risk, risk managers are empowered to analyze operations throughout the enterprise and bring together resources from disparate silos to anticipate enterprise-wide risks and mitigate them. They’re adjusting their governance processes to view reputation risk as an enterprise risk management issue.

Boards rightfully turn to insurances to help manage their risks and, up until now, that has mainly meant director and officer (D&O) coverage. But in cases like these, traditional director and officer insurance won’t help them. While D&O policies may insulate against direct litigation-related costs, it offers individuals no protection for damage suffered as a result of sullied reputations. As commonplace as D&O coverage has become, it holds no sway in the court of public opinion and cannot indemnify against lost future incomes, among other related losses.

Corporate leadership needs new and more effective protection against the impact of reputational crises, for the enterprise and for themselves individually – protections that credibly establish their fulfillment of their management duties; blunt litigious, regulatory and popular attacks; and enable the company to mount stronger defenses when attacks do occur.

They need to establish firmly in the minds of their myriad stakeholders—customers, employees, investors, and regulators, for example—that directors have fulfilled their oversight duties. Otherwise, they may find themselves in the position of having to explain why, having overseen companies that mention reputational risk repeatedly in public filings, their quiescence was not negligent.

Reputation has been on boards’ radar screens for many years. But now, it needs to mature from a discussion agenda item to a governance oversight and action item. Boards that fail to address reputational risk with a comprehensive, enterprise reputation risk management and governance strategy will be leaving their companies and themselves in serious peril.

Nir Kossovsky is CEO of Steel City Re, which analyzes and offers risk management tools and insurance to protect the reputational value and resilience of companies.